(string) An optional override that the connection manager will write to the server
header in responses. If not set, the default is envoy.

max_request_headers_kb

(UInt32Value) The maximum request headers size for incoming connections.
If unconfigured, the default max request headers allowed is 60 KiB.
Requests that exceed this limit will receive a 431 response.
The max configurable limit is 96 KiB, based on current implementation
constraints.

idle_timeout

(Duration) The idle timeout for connections managed by the connection manager. The
idle timeout is defined as the period in which there are no active
requests. If not set, there is no idle timeout. When the idle timeout is
reached the connection will be closed. If the connection is an HTTP/2
connection a drain sequence will occur prior to closing the connection. See
drain_timeout.

stream_idle_timeout

(Duration) The stream idle timeout for connections managed by the connection manager.
If not specified, this defaults to 5 minutes. The default value was selected
so as not to interfere with any smaller configured timeouts that may have
existed in configurations prior to the introduction of this feature, while
introducing robustness to TCP connections that terminate without a FIN.

This idle timeout applies to new streams and is overridable by the
route-level idle_timeout. Even on a stream in
which the override applies, prior to receipt of the initial request
headers, the stream_idle_timeout
applies. Each time an encode/decode event for headers or data is processed
for the stream, the timer will be reset. If the timeout fires, the stream
is terminated with a 408 Request Timeout error code if no upstream response
header has been received, otherwise a stream reset occurs.

Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due
to the granularity of events presented to the connection manager. For example, while receiving
very large request headers, it may be the case that there is traffic regularly arriving on the
wire while the connection manage is only able to observe the end-of-headers event, hence the
stream may still idle timeout.

A value of 0 will completely disable the connection manager stream idle
timeout, although per-route idle timeout overrides will continue to apply.

request_timeout

(Duration) A timeout for idle requests managed by the connection manager.
The timer is activated when the request is initiated, and is disarmed when the last byte of the
request is sent upstream (i.e. all decoding filters have processed the request), OR when the
response is initiated. If not specified or set to 0, this timeout is disabled.

drain_timeout

(Duration) The time that Envoy will wait between sending an HTTP/2 “shutdown
notification” (GOAWAY frame with max stream ID) and a final GOAWAY frame.
This is used so that Envoy provides a grace period for new streams that
race with the final GOAWAY frame. During this grace period, Envoy will
continue to accept new streams. After the grace period, a final GOAWAY
frame is sent and Envoy will start refusing new streams. Draining occurs
both when a connection hits the idle timeout or during general server
draining. The default grace period is 5000 milliseconds (5 seconds) if this
option is not specified.

delayed_close_timeout

(Duration) The delayed close timeout is for downstream connections managed by the HTTP connection manager.
It is defined as a grace period after connection close processing has been locally initiated
during which Envoy will flush the write buffers for the connection and await the peer to close
(i.e., a TCP FIN/RST is received by Envoy from the downstream connection).

Delaying Envoy’s connection close and giving the peer the opportunity to initiate the close
sequence mitigates a race condition that exists when downstream clients do not drain/process
data in a connection’s receive buffer after a remote close has been detected via a socket
write(). This race leads to such clients failing to process the response code sent by Envoy,
which could result in erroneous downstream processing.

If the timeout triggers, Envoy will close the connection’s socket.

The default timeout is 1000 ms if this option is not specified.

A value of 0 will completely disable delayed close processing, and the downstream connection’s
socket will be closed immediately after the write flush is completed.

(BoolValue) If set to true, the connection manager will use the real remote address
of the client connection when determining internal versus external origin and manipulating
various headers. If set to false or absent, the connection manager will use the
x-forwarded-for HTTP header. See the documentation for
x-forwarded-for,
x-envoy-internal, and
x-envoy-external-address for more information.

xff_num_trusted_hops

(uint32) The number of additional ingress proxy hops from the right side of the
x-forwarded-for HTTP header to trust when
determining the origin client’s IP address. The default is zero if this option
is not specified. See the documentation for
x-forwarded-for for more information.

(bool) If set, Envoy will not append the remote address to the
x-forwarded-for HTTP header. This may be used in
conjunction with HTTP filters that explicitly manipulate XFF after the HTTP connection manager
has mutated the request headers. While use_remote_address
will also suppress XFF addition, it has consequences for logging and other
Envoy uses of the remote address, so skip_xff_append should be used
when only an elision of XFF addition is intended.

via

(string) Via header value to append to request and response headers. If this is
empty, no via header will be appended.

generate_request_id

(BoolValue) Whether the connection manager will generate the x-request-id header if it does not exist. This defaults to
true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature
is not desired it can be disabled.

(string) A list of header names used to create tags for the active span. The header name is used to
populate the tag name, and the header value is used to populate the tag value. The tag is
created if the specified header name is present in the request’s headers.

client_sampling

(type.Percent) Target percentage of requests managed by this HTTP connection manager that will be force
traced if the x-client-trace-id
header is set. This field is a direct analog for the runtime variable
‘tracing.client_sampling’ in the HTTP Connection Manager.
Default: 100%

random_sampling

(type.Percent) Target percentage of requests managed by this HTTP connection manager that will be randomly
selected for trace generation, if not requested by the client or not forced. This field is
a direct analog for the runtime variable ‘tracing.random_sampling’ in the
HTTP Connection Manager.
Default: 100%

overall_sampling

(type.Percent) Target percentage of requests managed by this HTTP connection manager that will be traced
after all other sampling checks have been applied (client-directed, force tracing, random
sampling). This field functions as an upper limit on the total configured sampling rate. For
instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1%
of client requests with the appropriate headers to be force traced. This field is a direct
analog for the runtime variable ‘tracing.global_enabled’ in the
HTTP Connection Manager.
Default: 100%

verbose

(bool) Whether to annotate spans with additional data. If true, spans will include logs for stream
events.

(DEFAULT) ⁣For every new connection, the connection manager will determine which
codec to use. This mode supports both ALPN for TLS listeners as well as
protocol inference for plaintext listeners. If ALPN data is available, it
is preferred, otherwise protocol inference is used. In almost all cases,
this is the right option to choose for this setting.

HTTP1

⁣The connection manager will assume that the client is speaking HTTP/1.1.

HTTP2

⁣The connection manager will assume that the client is speaking HTTP/2
(Envoy does not require HTTP/2 to take place over TLS or to use ALPN.
Prior knowledge is allowed).

(string, REQUIRED) The name of the route configuration. This name will be passed to the RDS
API. This allows an Envoy configuration with multiple HTTP listeners (and
associated HTTP connection manager filters) to use different route
configurations.